authorrobiscool <robrob2626@yahoo.com>2009-12-30 00:51:05 -0800
committerrobiscool <robrob2626@yahoo.com>2009-12-30 00:51:38 -0800
commitd0f804ddd88b5687ae471a20da7b2726390ae97f (patch)
treeb1914e4ecd4dd54ab2f52026494ab4d370e63ebb /config/snort-dev
parentb942041662c8cdc0cc6b676b9f4402e2861e00ca (diff)
downloadpfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.tar.gz
pfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.tar.bz2
pfsense-packages-d0f804ddd88b5687ae471a20da7b2726390ae97f.zip
snort-dev, add filtering for corrupted alerts file
Diffstat (limited to 'config/snort-dev')
-rw-r--r--config/snort-dev/snort.inc2
-rw-r--r--config/snort-dev/snort_alerts.php20
-rw-r--r--config/snort-dev/snort_blocked.php44
-rw-r--r--config/snort-dev/snort_rules.php92
4 files changed, 99 insertions, 59 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index bae2c384..db7bbc27 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -1463,7 +1463,7 @@ preprocessor http_inspect_server: server default \
chunk_length 500000 \
bare_byte yes \
double_decode yes \
- iis_unicode yes \
+ iis_unicode no \
iis_delimiter no \
multi_slash no
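Review bot: The flip from `iis_unicode yes` to `iis_unicode no` in the http_inspect_server default profile is not covered by the commit message ("add filtering for corrupted alerts file") and changes what the preprocessor normalizes before rule matching: IIS-style unicode-encoded URIs are no longer decoded, so rules that rely on that normalization will not match such traffic. If the motivation is noise or false positives, record it next to the option so the coverage reduction stays auditable, for example a comment in the generating PHP source (or a `#` line in the emitted snort.conf) along the lines of `iis_unicode disabled: <reason / ticket placeholder>`, or move it into its own commit. The enclosing http_inspect_server block starts and ends outside the hunk.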
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index a9e002f8..bbfd214c 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -431,17 +431,23 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
{
$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert'))));
}else{
- $alerts_array = array_reverse(split("\n", file_get_contents('/var/log/snort/alert')));
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents('/var/log/snort/alert'))));
}
+
+
+if (is_array($alerts_array))
+{
+
$counter = 0;
foreach($alerts_array as $fileline)
{
+
if($logent <= $counter)
continue;
-
+
$counter++;
-
+
/* Date */
$alert_date_str = get_snort_alert_date($fileline);
@@ -573,7 +579,9 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
}
/* NOTE: using one echo improves performance by 2x */
- echo "<tr id=\"{$counter}\">
+ if ($alert_disc != 'empty')
+ {
+ echo "<tr id=\"{$counter}\">
<td class=\"centerAlign\">{$counter}</td>
<td class=\"centerAlign\">{$alert_priority}</td>
<td class=\"centerAlign\">{$alert_proto}</td>
@@ -586,7 +594,8 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
<td class=\"centerAlign\">{$alert_dst_p}</td>
<td class=\"centerAlign\">{$alert_sid}</td>
<td>{$alert_date}</td>
- </tr>\n";
+ </tr>\n";
+ }
// <script type="text/javascript">
// var myTable = {};
@@ -596,6 +605,7 @@ if ($pconfig['arefresh'] == 'on' || $pconfig['arefresh'] == '')
// </script>
}
+}
?>
</tbody>
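Review bot: The `if ($alert_disc != 'empty')` guard added around the row echo in the second hunk sits after the `$counter++` in the first hunk, so a corrupted alert line that is filtered out still consumes one slot of the `$logent` display limit and leaves a gap in the `<tr id>` numbering; moving the increment inside the guard, `if ($alert_disc != 'empty') { $counter++; echo "<tr id=\"{$counter}\"> ...`, keeps the count equal to the rows actually shown, assuming nothing between the increment and the echo (outside the hunks) reads `$counter`. The new line in the first hunk still uses `split("\n", ...)`, which is deprecated since PHP 5.3; `explode("\n", ...)` as in the `arefresh` branch is equivalent here and consistent. The added `is_array($alerts_array)` wrapper is always true, because `array_reverse()` returns an array even when `file_get_contents()` fails, so it does not guard against a missing or unreadable alert file; an `is_readable('/var/log/snort/alert')` check before the read would. The foreach body continues outside the hunks.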
diff --git a/config/snort-dev/snort_blocked.php b/config/snort-dev/snort_blocked.php
index 06d03bd0..d4b4c2b9 100644
--- a/config/snort-dev/snort_blocked.php
+++ b/config/snort-dev/snort_blocked.php
@@ -323,7 +323,7 @@ $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_
$logent = $bnentries;
-if ($blocked_ips_array[0] != '')
+if ($blocked_ips_array[0] != '' && $alerts_array[0] != '')
{
/* build the list and compare blocks to alerts */
@@ -335,10 +335,21 @@ if ($blocked_ips_array[0] != '')
$alert_ip_src = get_snort_alert_ip_src($fileline);
$alert_ip_disc = get_snort_alert_disc($fileline);
+ $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);
- if (in_array("$alert_ip_src", $blocked_ips_array))
- $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ if (in_array("$alert_ip_src", $blocked_ips_array))
+ {
+ $input[] = "[$alert_ip_src] " . "[$alert_ip_disc]\n";
+ }
+ }
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+
+ if (!in_array($alert_block_ip, $alert_ip_src_array))
+ {
+ $input[] = "[$alert_block_ip] " . "[N\A]\n";
+ }
}
/* reduce double occurrences */
@@ -374,7 +385,6 @@ if ($blocked_ips_array[0] != '')
$alert_block_disc = 'empty';
}
-
/* use one echo to do the magic*/
echo "<tr>
<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
@@ -385,13 +395,37 @@ if ($blocked_ips_array[0] != '')
</tr>\n";
}
+
+}else{
+
+ /* if alerts file is empty and blocked table is not empty */
+ $counter2 = 0;
+
+ foreach($blocked_ips_array as $alert_block_ip)
+ {
+ if($logent <= $counter2)
+ continue;
+
+ $counter2++;
+
+ $alert_block_disc = 'N/A';
+
+ /* use one echo to do the magic*/
+ echo "<tr>
+ <td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($alert_block_ip)) . "'>
+ <img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>
+ <td>&nbsp;{$counter2}</td>
+ <td>&nbsp;{$alert_block_ip}</td>
+ <td>&nbsp;{$alert_block_disc}</td>
+ </tr>\n";
+ }
}
if ($blocked_ips_array[0] == '')
{
echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\"><br><strong>There are currently no items being blocked by snort.</strong></td></tr>";
}else{
- echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
+ echo "\n<tr><td colspan='3' align=\"center\" valign=\"top\">{$counter2} items listed.</td></tr>";
}
?>
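Review bot: The footer in the last hunk now prints `{$counter2} items listed.`, but `$counter2` is only assigned in the new `else` branch (alerts file empty); when both the blocked table and the alert file are non-empty the first branch runs and the footer shows an empty count plus an undefined-variable notice. Either keep `{$counter}` in the footer and use `$counter` in the else branch as well, or set `$counter2 = 0;` before the `if` and increment it in both branches; the first branch's row loop is outside the hunk, so I cannot see which variable it increments. The placeholder for blocked IPs with no matching alert is spelled `[N\A]` in the second hunk but `'N/A'` in the else branch, and in a double-quoted string `\A` is kept literally, so the two kinds of rows render differently; `$input[] = "[$alert_block_ip] " . "[N/A]\n";` makes them match. `$alert_ip_src_array[]` is appended inside the alerts loop without a visible `$alert_ip_src_array = array();` before the loop, so unless it is initialised above the hunk the later `in_array()` depends on the loop having run.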
diff --git a/config/snort-dev/snort_rules.php b/config/snort-dev/snort_rules.php
index bc2f481d..ae3fca62 100644
--- a/config/snort-dev/snort_rules.php
+++ b/config/snort-dev/snort_rules.php
@@ -577,56 +577,55 @@ function popup(url)
if (strstr($tempstring, 'msg:"'))
$message = get_middle($tempstring, 'msg:"', '";', 0);
- echo "<tr>";
- echo "<td class=\"listt\">";
- echo $textss;
+ echo "<tr>
+ <td class=\"listt\">
+ $textss\n";
?>
- <a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
- <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false) ">
+ <a href="?id=<?=$id;?>&openruleset=<?=$file;?>&act=toggle&ids=<?=$counter;?>"><img src="../themes/<?= $g['theme']; ?>/images/icons/<?=$iconb;?>" width="10" height="10" border="0" title="click to toggle enabled/disabled status"></a>
+ <input name="enable" type="checkbox" value="yes" <?= $ischecked; ?> onClick="enable_change(false)">
<?php
- echo $textse;
- echo "</td>";
-
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $sid;
- echo $textse;
- echo "</td>";
-
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $protocol;
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $sid
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $protocol";
+ ?>
+ <?php
$printcounter++;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $source_port;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination;
- echo $textse;
- echo "</td>";
- echo "<td class=\"listlr\">";
- echo $textss;
- echo $destination_port;
- echo $textse;
- echo "</td>";
+ echo "$textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $source_port
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination
+ $textse
+ </td>
+ <td class=\"listlr\">
+ $textss
+ $destination_port
+ $textse
+ </td>";
?>
<td class="listbg"><font color="white">
<?php
- echo $textss;
- echo $message;
- echo $textse;
- echo "</td>";
+ echo "$textss
+ $message
+ $textse
+ </td>";
?>
<td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
@@ -639,10 +638,7 @@ function popup(url)
<?php
}
}
- echo " ";
- echo "There are ";
- echo $printcounter;
- echo " rules in this category. <br><br>";
+ echo " There are $printcounter rules in this category. <br><br>";
?>
</table>
</td>
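Review bot: The rewritten echo near the end of the first hunk still interpolates `$message`, the `msg:"..."` text pulled out of the rule file by `get_middle()`, straight into the table cell, as do the `$sid`, `$protocol`, `$source` and `$destination` cells; since these lines are being rewritten anyway, `htmlspecialchars($message)` (and the same for the other fields) would keep a `<` or quote inside a rule's msg from breaking or injecting markup into the page. The `?>` immediately followed by `<?php` in the middle of the same hunk is a leftover from merging the echoes that emits at most whitespace; dropping it and moving `$printcounter++;` above the preceding echo lets the two adjacent `echo "..."` statements become one string. The `width="11"` to `"10"` icon change and the `onClick` whitespace fix are cosmetic and fine. The enclosing loop starts before the hunk.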